https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264106#M44583 <P>In addition, if someone wants to understand what is happening, I would suggest temporarily enabling logging for implied rules. When I first started working with Check Point, this was very useful for me.<BR /><A class="" href="https://support.checkpoint.com/results/sk/sk110218" target="_new" rel="noopener">https://support.checkpoint.com/results/sk/sk110218</A></P> Tue, 02 Dec 2025 11:44:07 GMT Vincent_Bacher 2025-12-02T11:44:07Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264085#M44576 <P>Dear mates,</P> <P>The customer pointed out that a large amount of HTTPS traffic from external public IPs is being accepted by implied rules on the firewall. What could be the reason for this?</P> <P>Is there any implied rule that allows HTTPS by default?<BR />And in which scenarios should this behavior be considered a concern?</P> <P>Thanks in advance, as always!</P> Tue, 02 Dec 2025 08:07:54 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264085#M44576 RemoteUser 2025-12-02T08:07:54Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264088#M44577 <P>There are several SK articles and previous threads here that describe this scenario e.g.</P> <P><A href="https://support.checkpoint.com/results/sk/sk105740" target="_self">sk105740: HTTP and HTTPS requests to external interfaces create implied rule 0 accepts in Logs &amp; Monitor</A>&nbsp;</P> <P><A href="https://support.checkpoint.com/results/sk/sk180808" target="_self">sk180808: Security Gateway accepts HTTP/HTTPS traffic by an implied rule for its HTTP/HTTPS Web Portals, although there is an explicit rule to drop this HTTP/HTTPS traffic</A>&nbsp;</P> Tue, 02 Dec 2025 08:36:57 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264088#M44577 Chris_Atkinson 2025-12-02T08:36:57Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264106#M44583 <P>In addition, if someone wants to understand what is happening, I would suggest temporarily enabling logging for implied rules. When I first started working with Check Point, this was very useful for me.<BR /><A class="" href="https://support.checkpoint.com/results/sk/sk110218" target="_new" rel="noopener">https://support.checkpoint.com/results/sk/sk110218</A></P> Tue, 02 Dec 2025 11:44:07 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264106#M44583 Vincent_Bacher 2025-12-02T11:44:07Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264330#M44596 <P>Hey brother,</P> <P>Apart what the guys said, which is all correct, here is what I would recommend. Create a geo block rule on top of the rule base to limit access from countries you wish to block, then below that, rule that allows access to the fw on whatever services needed. Thats how I do it with literally every customer. Then, down the rulebase, you can set up stealth rule, which is src any, dst fw, service any, action drop.</P> Thu, 04 Dec 2025 01:01:33 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Traffic-Accepted-via-Implied-Rules/m-p/264330#M44596 the_rock 2025-12-04T01:01:33Z